On Debian and Ubuntu servers, you can download a package using apt download command.
apt download PKG_NAME
Package will get downloaded to current working directory. Better do this to /tmp to avoid permission errors.
If you want to download package and dependencies, then use
apt-get install --download-only PKG_NAME
This will download the package and all dependency, store it in folder /var/cache/apt/archives.
If you need to remove downloaded packages, run
apt clean
Seeapt-get
To block packages from upgrading, you can use command apt-mark hold.
apt-mark hold PKG_NAME
Example
apt-mark hold libtomcat8-java tomcat8 tomcat8-admin tomcat8-common
To list packages that are on hold, run
root@ip-172-26-8-193:~# apt-mark showhold libtomcat8-java tomcat8 tomcat8-admin tomcat8-common root@ip-172-26-8-193:~#
If you want to remove block, you can use apt-mark unhold command.
apt-mark unhold libtomcat8-java tomcat8 tomcat8-admin tomcat8-common
See apt
Before you configure bridge network, make sure you have bridge-utils installed.
apt install bridge-utils
You may also need ifdown and resolvconf packages installed
apt install ifupdown resolvconf
Here is the default /etc/network/interfaces i had on the server
root@PAR-199235:~# cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto enp1s0f0 allow-hotplug enp1s0f0 iface enp1s0f0 inet static address 163.172.107.119 broadcast 163.172.107.255 netmask 255.255.255.0 gateway 163.172.107.1 dns-nameservers 8.8.8.8 root@PAR-199235:~#
enp1s0f0 is name of the network interface card on the server.
To convert it to brudge configuration. You need to replace enp1s0f0 with br0.
Then add following to the file
bridge_ports enp1s0f0
bridge_stp off
bridge_maxwait 5
Remember to replace enp1s0f0 with your actual network card interface name.
Also remove the line
allow-hotplug enp1s0f0
Here is the final /etc/network/interface file i have.
root@PAR-199235:~# cat /etc/network/interface
cat: /etc/network/interface: No such file or directory
root@PAR-199235:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto br0
iface br0 inet static
address 163.172.107.119
broadcast 163.172.107.255
netmask 255.255.255.0
gateway 163.172.107.1
bridge_ports enp1s0f0
bridge_stp off
bridge_maxwait 5
dns-nameservers 8.8.8.8
root@PAR-199235:~#
To install kvm on Debian 10, run
apt install -y qemu-kvm
Install libvirt, it is a tool to manage kvm
apt install libvirt-clients libvirt-daemon libvirt-daemon-system
Set libvirtd to start on boot
systemctl enable libvirtd
Restart libvirtd
systemctl restart libvirtd
You can see libvirtd status with
systemctl status libvirtd
Install virtinst, it is used to create virtual machine.
apt install virtinst
To see network, run
virsh net-list --all
Start the “default” network
virsh net-start default
Set default network to auto start on boot
virsh net-autostart default
Now you have kvm and libvirtd installed. You can create virtual machine using virtinst or Virt Manager
See KVM
When running apt update, i get following error
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.cloud.google.com cloud-sdk-jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB
To fix this error, run
apt-key adv --keyserver keys.gnupg.net --recv-keys 6A030B21BA07F4FB
When running apt update on a Debian jessie server, i get following error
E: Release file for http://archive.debian.org/debian/dists/jessie-backports/InRelease is expired (invalid since 513d 20h 41min 47s). Updates for this repository will not be applied
To fix the error, run
echo "Acquire::Check-Valid-Until false;" | sudo tee -a /etc/apt/apt.conf.d/10-nocheckvalid
To install ModSecurity on Debian/Ubuntu Apache web server, run
apt-get install libapache2-mod-security2
Restart Apache web server
service apache2 restart
Verify mod_security installed with
apachectl -M | grep security
To activate ModSecurity rules, run
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Edit
vi /etc/modsecurity/modsecurity.conf
set
SecRuleEngine = on
Get latest rules
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
Emable the config file
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
Edit file
vi /etc/apache2/mods-enabled/security2.conf
Add
IncludeOptional /usr/share/modsecurity-crs/*.conf IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf
Restart Apache
service apache2 restart
One of my internet provider only provide IPv4 connection. When i run apt install command, it failed with error as it try to connect using IPv6.
boby@sok-01:~$ sudo apt install php7.3-curl Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: php7.3-curl 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 29.6 kB of archives. After this operation, 123 kB of additional disk space will be used. Err:1 http://ppa.launchpad.net/ondrej/php/ubuntu bionic/main amd64 php7.3-curl amd64 7.3.13-1+ubuntu18.04.1+deb.sury.org+1 Could not connect to ppa.launchpad.net:80 (2001:67c:1560:8008::15). - connect (101: Network is unreachable) Could not connect to ppa.launchpad.net:80 (91.189.95.83), connection timed out E: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/pool/main/p/php7.3/php7.3-curl_7.3.13-1+ubuntu18.04.1+deb.sury.org+1_amd64.deb Could not connect to ppa.launchpad.net:80 (2001:67c:1560:8008::15). - connect (101: Network is unreachable) Could not connect to ppa.launchpad.net:80 (91.189.95.83), connection timed out E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? boby@sok-01:~$
To force apt to use IPv4 only, edit
sudo vi /etc/apt/apt.conf.d/99-force-ipv4
Add
Acquire::ForceIPv4 "true";
If you want to force IPv6, add
Acquire::ForceIPv6 "true";
To install Elasticsearch for Magento on Debian, install Java 1.8 and apt-transport-https
apt install -y openjdk-8-jdk-headless apt install -y apt-transport-https
Add key
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
Add repository
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-6.x.list
Install Elasticsearch
apt update apt install -y elasticsearch
Enable and start Elasticsearch
systemctl enable elasticsearch systemctl restart elasticsearch
When installing a program in Ubuntu 18.04 server minimal installation, i get following error
debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.) debconf: falling back to frontend: Readline
To fix this, run
apt -y install whiptail
OR
apt -y install dialog
Related Posts
To install tor on Ubuntu/Debian, run
apt install tor
Default configuration file for tor is /etc/tor/torrc
To enable hidden service, edit /etc/tor/torrc
vi /etc/tor/torrc
uncomment lines
HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:80
Create folder for your hidden service
mkdir /var/lib/tor/hidden_service/ chmod 700 /var/lib/tor/hidden_service/ chown -R debian-tor:debian-tor /var/lib/tor/hidden_service/
You need to install Apache/Nginx etc.. to serve your web application. Make sure to configure web application listen on 127.0.0.0:80
Now restart tor with command
systemctl start tor@default
Ubuntu/Debian support multiple instances of tor. You can use command “/usr/sbin/tor-instance-create” to create new tor instance. Configuration for instanced tor available at /etc/tor/instances/INSTANCE_NAME/torrc
To see URL for your Hidden service, run
cat /var/lib/tor/hidden_service/hostname
Example
root@lab:~# cat /var/lib/tor/hidden_service/hostname 3w2pkr2qcusd6rx7zq4rulq7kt4xjpsgv7nxubcy2bdbgipy4wto4aid.onion root@lab:~#
You should be able to visit the application using .onion link in Tor Browser.
You need to take backup of tor folder (/var/lib/tor/hidden_service) as it contains your secret keys, this is needed to use the .onion domain name. If you lose this, you will lose the .onion url.
To start the service on boot, run
systemctl enable tor@default
See Tor
apt-get used to manage packages in Debian/Ubuntu server.
Install A Package
apt-get install PKG_NAME
Uninstall a software (keep configuration file)
apt-get remove PKG_NAME
Uninstall a software and its configuration files
apt-get --purge remove PKG_NAME
To upgrade a software
apt-get upgrade PKG_NAME
Update Package Info
apt-get update
Remove Unwanted Programs
apt-get autoremove
Back to apt